85 Commits

Author	SHA1	Message	Date
Sharang Parnerkar	4fa0dd6f6d	refactor(backend/api): extract VVTService (Step 4 — file 5 of 18) ... compliance/api/vvt_routes.py (550 LOC) -> 225 LOC thin routes + 475-line VVTService. Covers the organization header, processing activities CRUD, audit log, JSON/CSV export, stats, and version lookups for the Art. 30 DSGVO Verzeichnis. Single-service split: organization + activities + audit + stats all revolve around the same tenant's VVT document, and the existing test suite (tests/test_vvt_routes.py — 768 LOC, tests/test_vvt_tenant_isolation.py — 205 LOC) exercises them together. Module-level helpers (_activity_to_response, _log_audit, _export_csv) stay module-level in compliance.services.vvt_service and are re-exported from compliance.api.vvt_routes so the two test files keep importing from the old path. Pydantic schemas already live in compliance.schemas.vvt from Step 3 — no new schema file needed this round. mypy.ini flips compliance.api.vvt_routes from ignore_errors=True to False. Two SQLAlchemy Column[str] vs str dict-index errors fixed with explicit str() casts on status/business_function in the stats loop. Verified: - 242/242 pytest (173 core + 69 VVT integration) pass - OpenAPI 360/484 unchanged - mypy compliance/ -> Success on 128 source files - vvt_routes.py 550 -> 225 LOC - vvt_service.py 475 LOC (under 500 hard cap) - Hard-cap violations: 14 -> 13 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 19:50:40 +02:00
Sharang Parnerkar	f39c7ca40c	refactor(backend/api): extract CompanyProfileService (Step 4 — file 4 of 18) ... compliance/api/company_profile_routes.py (640 LOC) -> 154 LOC thin routes. Unusual for this repo: persistence uses raw SQL via sqlalchemy.text() because the underlying compliance_company_profiles table has ~45 columns with complex jsonb coercion and there is no SQLAlchemy model for it. New files: compliance/schemas/company_profile.py (127) — 4 request/response models compliance/services/company_profile_service.py (340) — Service class + row_to_response + log_audit compliance/services/_company_profile_sql.py (139) — 70-line INSERT/UPDATE statements separated for readability Minor behavioral improvement: the handlers now use Depends(get_db) for session management instead of the bespoke `db = SessionLocal(); try: ... finally: db.close()` pattern. This makes the routes consistent with every other refactored service, fixes the broken-ness under test dependency_overrides, and removes 6 duplicate try/finally blocks. Legacy exports preserved: CompanyProfileRequest, CompanyProfileResponse, AuditEntryResponse, AuditListResponse, row_to_response, and log_audit are re-exported from compliance.api.company_profile_routes so that the two existing test files (tests/test_company_profile_routes.py, tests/test_company_profile_extend.py) keep importing from the same path. Pre-existing broken tests noted: 6 tests in those files feed a 40-tuple row into row_to_response, but _BASE_COLUMNS_LIST has 46 columns (has had since the Phase 2 Stammdaten extension). These tests fail on main too (verified via `git stash` round-trip). Not fixed in this commit — they require a rewrite of the test's _make_row helper, which is out of scope for a pure structural refactor. Flagged for follow-up. Verified: - 173/173 pytest compliance/tests/ tests/contracts/ pass - OpenAPI 360/484 unchanged - mypy compliance/ -> Success on 127 source files - company_profile_routes.py 640 -> 154 LOC - All new files under soft 300 target except service (340, under hard 500) - Hard-cap violations: 15 -> 14 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 19:47:29 +02:00
Sharang Parnerkar	d571412657	refactor(backend/api): extract TOMService (Step 4 — file 3 of 18) ... compliance/api/tom_routes.py (609 LOC) -> 215 LOC thin routes + 434-line TOMService. Request bodies (TOMStateBody, TOMMeasureCreate, TOMMeasureUpdate, TOMMeasureBulkItem, TOMMeasureBulkBody) moved to compliance/schemas/tom.py (joining the existing response models from the Step 3 split). Single-service split (not two like banner): state, measures CRUD + bulk upsert, stats, export, and version lookups are all tightly coupled around the TOMMeasureDB aggregate, so splitting would create artificial boundaries. TOMService is 434 LOC — comfortably under the 500 hard cap. Domain error mapping: - ConflictError -> 409 (version conflict on state save; duplicate control_id on create) - NotFoundError -> 404 (missing measure on update; missing version) - ValidationError -> 400 (missing tenant_id on DELETE /state) Legacy test compat: the existing tests/test_tom_routes.py imports TOMMeasureBulkItem, _parse_dt, _measure_to_dict, and DEFAULT_TENANT_ID directly from compliance.api.tom_routes. All re-exported via __all__ so the 44-test file runs unchanged. mypy.ini flips compliance.api.tom_routes from ignore_errors=True to False. TOMService carries the scoped Column[T] header. Verified: - 217/217 pytest (173 baseline + 44 TOM) pass - OpenAPI 360/484 unchanged - mypy compliance/ -> Success on 124 source files - tom_routes.py 609 -> 215 LOC - Hard-cap violations: 16 -> 15 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 19:42:17 +02:00
Sharang Parnerkar	10073f3ef0	refactor(backend/api): extract BannerConsent + BannerAdmin services (Step 4) ... Phase 1 Step 4, file 2 of 18. Same cookbook as audit_routes (4a91814 + 883ef70) applied to banner_routes.py. compliance/api/banner_routes.py (653 LOC) is decomposed into: compliance/api/banner_routes.py (255) — thin handlers compliance/services/banner_consent_service.py (298) — public SDK surface compliance/services/banner_admin_service.py (238) — site/category/vendor CRUD compliance/services/_banner_serializers.py ( 81) — ORM-to-dict helpers shared between the two services compliance/schemas/banner.py ( 85) — Pydantic request models Split rationale: the SDK-facing endpoints (consent CRUD, config retrieval, export, stats) and the admin CRUD endpoints (sites + categories + vendors) have distinct audiences and different auth stories, and combined they would push the service file over the 500 hard cap. Two focused services is cleaner than one ~540-line god class. The shared ORM-to-dict helpers live in a private sibling module (_banner_serializers) rather than a static method on either service, so both services can import without a cycle. Handlers follow the established pattern: - Depends(get_consent_service) or Depends(get_admin_service) - `with translate_domain_errors():` wrapping the service call - Explicit return type annotations - ~3-5 lines per handler Services raise NotFoundError / ConflictError / ValidationError from compliance.domain; no HTTPException in the service layer. mypy.ini flips compliance.api.banner_routes from ignore_errors=True to False, joining audit_routes in the strict scope. The services carry the same scoped `# mypy: disable-error-code="arg-type,assignment"` header used by the audit services for the ORM Column[T] issue. Pydantic schemas moved to compliance.schemas.banner (mirroring the Step 3 schemas split). They were previously defined inline in banner_routes.py and not referenced by anything outside it, so no backwards-compat shim is needed. Verified: - 224/224 pytest (173 baseline + 26 audit integration + 25 banner integration) pass - tests/contracts/test_openapi_baseline.py green (360/484 unchanged) - mypy compliance/ -> Success: no issues found in 123 source files - All new files under the 300 soft target (largest: 298) - banner_routes.py drops from 653 -> 255 LOC (below hard cap) Hard-cap violations remaining: 16 (was 17). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 18:52:31 +02:00
Sharang Parnerkar	883ef702ac	tech-debt: mypy --strict config + integration tests for audit routes ... Phase 1 Step 4 follow-up addressing the debt flagged in the worked-example commit (4a91814). ## mypy --strict policy Adds backend-compliance/mypy.ini declaring the strict-mode scope: Fully strict (enforced today): - compliance/domain/ - compliance/schemas/ - compliance/api/_http_errors.py - compliance/api/audit_routes.py (refactored in Step 4) - compliance/services/audit_session_service.py - compliance/services/audit_signoff_service.py Loose (ignore_errors=True) with a migration path: - compliance/db/* — SQLAlchemy 1.x Column[] vs runtime T; unblocks Phase 1 until a Mapped[T] migration. - compliance/api/<route>.py — each route file flips to strict as its own Step 4 refactor lands. - compliance/services/<legacy util> — 14 utility services (llm_provider, pdf_extractor, seeder, ...) that predate the clean-arch refactor. - compliance/tests/ — excluded (legacy placeholder style). The new TestClient- based integration suite is type-annotated. The two new service files carry a scoped `# mypy: disable-error-code="arg-type,assignment"` header for the ORM Column[T] issue — same underlying SQLAlchemy limitation, narrowly scoped rather than wholesale ignore_errors. Flow: `cd backend-compliance && mypy compliance/` -> clean on 119 files. CI yaml updated to use the config instead of ad-hoc package lists. ## Bugs fixed while enabling strict mypy --strict surfaced two latent bugs in the pre-refactor code. Both were invisible because the old `compliance/tests/test_audit_routes.py` is a placeholder suite that asserts on request-data shape and never calls the handlers: - AuditSessionResponse.updated_at is a required field in the schema, but the original handler didn't pass it. Fixed in AuditSessionService._to_response. - PaginationMeta requires has_next + has_prev. The original audit checklist handler didn't compute them. Fixed in AuditSignOffService.get_checklist. Both are behavior-preserving at the HTTP level because the old code would have raised Pydantic ValidationError at response serialization had the endpoint actually been exercised. ## Integration test suite Adds backend-compliance/tests/test_audit_routes_integration.py — 26 real TestClient tests against an in-memory sqlite backend (StaticPool). Replaces the coverage gap left by the placeholder suite. Covers: - Session CRUD + lifecycle transitions (draft -> in_progress -> completed -> archived), including the 409 paths for illegal transitions - Checklist pagination, filtering, search - Sign-off create / update / auto-start-session / count-flipping - Sign-off 400 (invalid result), 404 (missing requirement), 409 (completed session) - Get-signoff 404 / 200 round-trip Uses a module-scoped schema fixture + per-test DELETE-sweep so the suite runs in ~2.3s despite the ~50-table ORM surface. Verified: - 199/199 pytest (173 original + 26 new audit integration) pass - tests/contracts/test_openapi_baseline.py green, OpenAPI 360/484 unchanged - mypy compliance/ -> Success: no issues found in 119 source files Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 18:39:40 +02:00
Sharang Parnerkar	4a91814bfc	refactor(backend/api): extract AuditSession service layer (Step 4 worked example) ... Phase 1 Step 4 of PHASE1_RUNBOOK.md, first worked example. Demonstrates the router -> service delegation pattern for all 18 oversized route files still above the 500 LOC hard cap. compliance/api/audit_routes.py (637 LOC) is decomposed into: compliance/api/audit_routes.py (198) — thin handlers compliance/services/audit_session_service.py (259) — session lifecycle compliance/services/audit_signoff_service.py (319) — checklist + sign-off compliance/api/_http_errors.py ( 43) — reusable error translator Handlers shrink to 3-6 lines each: @router.post("/sessions", response_model=AuditSessionResponse) async def create_audit_session( request: CreateAuditSessionRequest, service: AuditSessionService = Depends(get_audit_session_service), ): with translate_domain_errors(): return service.create(request) Services are HTTP-agnostic: they raise NotFoundError / ConflictError / ValidationError from compliance.domain, and the route layer translates those to HTTPException(404/409/400) via the translate_domain_errors() context manager in compliance.api._http_errors. The error translator is reusable by every future Step 4 refactor. Services take a sqlalchemy Session in the constructor and are wired via Depends factories (get_audit_session_service / get_audit_signoff_service). No globals, no module-level state. Behavior is byte-identical at the HTTP boundary: - Same paths, methods, status codes, response models - Same error messages (domain error __str__ preserved) - Same auto-start-on-first-signoff, same statistics calculation, same signature hash format, same PDF streaming response Verified: - 173/173 pytest compliance/tests/ tests/contracts/ pass - OpenAPI 360 paths / 484 operations unchanged - audit_routes.py under soft 300 target - Both new service files under soft 300 / hard 500 Note: compliance/tests/test_audit_routes.py contains placeholder tests that do not actually import or call the handler functions — they only assert on request-data shape. Real behavioral coverage relies on the contract test. A follow-up commit should add TestClient-based integration tests for the audit endpoints. Flagged in PHASE1_RUNBOOK. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 18:16:50 +02:00
Sharang Parnerkar	482e8574ad	refactor(backend/db): split repository.py + isms_repository.py per-aggregate ... Phase 1 Step 5 of PHASE1_RUNBOOK.md. compliance/db/repository.py (1547 LOC) decomposed into seven sibling per-aggregate repository modules: regulation_repository.py (268) — Regulation + Requirement control_repository.py (291) — Control + ControlMapping evidence_repository.py (143) risk_repository.py (148) audit_export_repository.py (110) service_module_repository.py (247) audit_session_repository.py (478) — AuditSession + AuditSignOff compliance/db/isms_repository.py (838 LOC) decomposed into two sub-aggregate modules mirroring the models split: isms_governance_repository.py (354) — Scope, Policy, Objective, SoA isms_audit_repository.py (499) — Finding, CAPA, Review, Internal Audit, Trail, Readiness Both original files become thin re-export shims (37 and 25 LOC respectively) so every existing import continues to work unchanged. New code SHOULD import from the aggregate module directly. All new sibling files under the 500-line hard cap; largest is isms_audit_repository.py at 499 (on the edge; when Phase 1 Step 4 router->service extraction lands, the audit_session repo may split further if growth exceeds 500). Verified: - 173/173 pytest compliance/tests/ tests/contracts/ pass - OpenAPI 360 paths / 484 operations unchanged - All repo files under 500 LOC Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 18:08:39 +02:00
Sharang Parnerkar	d9dcfb97ef	refactor(backend/api): split schemas.py into per-domain modules (1899 -> 39 LOC shim) ... Phase 1 Step 3 of PHASE1_RUNBOOK.md. compliance/api/schemas.py is decomposed into 16 per-domain Pydantic schema modules under compliance/schemas/: common.py ( 79) — 6 API enums + PaginationMeta regulation.py ( 52) requirement.py ( 80) control.py (119) — Control + Mapping evidence.py ( 66) risk.py ( 79) ai_system.py ( 63) dashboard.py (195) — Dashboard, Export, Executive Dashboard service_module.py (121) bsi.py ( 58) — BSI + PDF extraction audit_session.py (172) report.py ( 53) isms_governance.py (343) — Scope, Context, Policy, Objective, SoA isms_audit.py (431) — Finding, CAPA, Review, Internal Audit, Readiness, Trail, ISO27001 vvt.py (168) tom.py ( 71) compliance/api/schemas.py becomes a 39-line re-export shim so existing imports (from compliance.api.schemas import RegulationResponse) keep working unchanged. New code should import from the domain module directly (from compliance.schemas.regulation import RegulationResponse). Deferred-from-sweep: all 28 class Config blocks in the original file were converted to model_config = ConfigDict(...) during the split. schemas.py-sourced PydanticDeprecatedSince20 warnings are now gone. Cross-domain references handled via targeted imports (e.g. dashboard.py imports EvidenceResponse from evidence, RiskResponse from risk). common API enums + PaginationMeta are imported by every domain module. Verified: - 173/173 pytest compliance/tests/ tests/contracts/ pass - OpenAPI 360 paths / 484 operations unchanged (contract test green) - All new files under the 500-line hard cap (largest: isms_audit.py at 431, isms_governance.py at 343, dashboard.py at 195) - No file in compliance/schemas/ or compliance/api/schemas.py exceeds the hard cap Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 18:06:27 +02:00
Sharang Parnerkar	3320ef94fc	refactor: phase 0 guardrails + phase 1 step 2 (models.py split) ... Squash of branch refactor/phase0-guardrails-and-models-split — 4 commits, 81 files, 173/173 pytest green, OpenAPI contract preserved (360 paths / 484 operations). ## Phase 0 — Architecture guardrails Three defense-in-depth layers to keep the architecture rules enforced regardless of who opens Claude Code in this repo: 1. .claude/settings.json PreToolUse hook on Write/Edit blocks any file that would exceed the 500-line hard cap. Auto-loads in every Claude session in this repo. 2. scripts/githooks/pre-commit (install via scripts/install-hooks.sh) enforces the LOC cap locally, freezes migrations/ without [migration-approved], and protects guardrail files without [guardrail-change]. 3. .gitea/workflows/ci.yaml gains loc-budget + guardrail-integrity + sbom-scan (syft+grype) jobs, adds mypy --strict for the new Python packages (compliance/{services,repositories,domain,schemas}), and tsc --noEmit for admin-compliance + developer-portal. Per-language conventions documented in AGENTS.python.md, AGENTS.go.md, AGENTS.typescript.md at the repo root — layering, tooling, and explicit "what you may NOT do" lists. Root CLAUDE.md is prepended with the six non-negotiable rules. Each of the 10 services gets a README.md. scripts/check-loc.sh enforces soft 300 / hard 500 and surfaces the current baseline of 205 hard + 161 soft violations so Phases 1-4 can drain it incrementally. CI gates only CHANGED files in PRs so the legacy baseline does not block unrelated work. ## Deprecation sweep 47 files. Pydantic V1 regex= -> pattern= (2 sites), class Config -> ConfigDict in source_policy_router.py (schemas.py intentionally skipped; it is the Phase 1 Step 3 split target). datetime.utcnow() -> datetime.now(timezone.utc) everywhere including SQLAlchemy default= callables. All DB columns already declare timezone=True, so this is a latent-bug fix at the Python side, not a schema change. DeprecationWarning count dropped from 158 to 35. ## Phase 1 Step 1 — Contract test harness tests/contracts/test_openapi_baseline.py diffs the live FastAPI /openapi.json against tests/contracts/openapi.baseline.json on every test run. Fails on removed paths, removed status codes, or new required request body fields. Regenerate only via tests/contracts/regenerate_baseline.py after a consumer-updated contract change. This is the safety harness for all subsequent refactor commits. ## Phase 1 Step 2 — models.py split (1466 -> 85 LOC shim) compliance/db/models.py is decomposed into seven sibling aggregate modules following the existing repo pattern (dsr_models.py, vvt_models.py, ...): regulation_models.py (134) — Regulation, Requirement control_models.py (279) — Control, Mapping, Evidence, Risk ai_system_models.py (141) — AISystem, AuditExport service_module_models.py (176) — ServiceModule, ModuleRegulation, ModuleRisk audit_session_models.py (177) — AuditSession, AuditSignOff isms_governance_models.py (323) — ISMSScope, Context, Policy, Objective, SoA isms_audit_models.py (468) — Finding, CAPA, MgmtReview, InternalAudit, AuditTrail, Readiness models.py becomes an 85-line re-export shim in dependency order so existing imports continue to work unchanged. Schema is byte-identical: __tablename__, column definitions, relationship strings, back_populates, cascade directives all preserved. All new sibling files are under the 500-line hard cap; largest is isms_audit_models.py at 468. No file in compliance/db/ now exceeds the hard cap. ## Phase 1 Step 3 — infrastructure only backend-compliance/compliance/{schemas,domain,repositories}/ packages are created as landing zones with docstrings. compliance/domain/ exports DomainError / NotFoundError / ConflictError / ValidationError / PermissionError — the base classes services will use to raise domain-level errors instead of HTTPException. PHASE1_RUNBOOK.md at backend-compliance/PHASE1_RUNBOOK.md documents the nine-step execution plan for Phase 1: snapshot baseline, characterization tests, split models.py (this commit), split schemas.py (next), extract services, extract repositories, mypy --strict, coverage. ## Verification backend-compliance/.venv-phase1: uv python install 3.12 + pip -r requirements.txt PYTHONPATH=. pytest compliance/tests/ tests/contracts/ -> 173 passed, 0 failed, 35 warnings, OpenAPI 360/484 unchanged Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 13:18:29 +02:00
Sharang Parnerkar	86588aff09	Fix SQLAlchemy 2.x compatibility: wrap raw SQL in text() ... SQLAlchemy 2.x requires raw SQL strings to be explicitly wrapped in text(). Fixed 16 instances across 5 route files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 10:16:52 +01:00
Benjamin Admin	f738ca8c52	fix: make compliance router imports resilient to individual module failures ... Replaced bare imports with safe_import_router pattern — if one sub-router fails to import (e.g. missing dependency), other routers still load. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 09:46:52 +01:00
Benjamin Admin	c530898963	fix: replace Python 3.10+ union type syntax with typing.Optional for Pydantic v2 compat ... from __future__ import annotations breaks Pydantic BaseModel runtime type evaluation. Replaced str | None → Optional[str], list[str] → List[str] etc. in control_generator.py, anchor_finder.py, control_generator_routes.py. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 09:36:14 +01:00
Benjamin Admin	cdafc4d9f4	feat: auto-run SQL migrations on backend startup ... Adds migration_runner.py that executes pending migrations from migrations/ directory when backend-compliance starts. Tracks applied migrations in _migration_history table. Handles existing databases: detects if tables from migrations 001-045 already exist and seeds the history table accordingly, so only new migrations (046+) are applied. Skippable via SKIP_MIGRATIONS=true env var. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 09:14:18 +01:00
Benjamin Admin	de19ef0684	feat(control-generator): 7-stage pipeline for RAG→LLM→Controls generation ... Implements the Control Generator Pipeline that systematically generates canonical security controls from 150k+ RAG chunks across all compliance collections (BSI, NIST, OWASP, ENISA, EU laws, German laws). Three license rules enforced throughout: - Rule 1 (free_use): Laws/Public Domain — original text preserved - Rule 2 (citation_required): CC-BY/CC-BY-SA — text with citation - Rule 3 (restricted): BSI/ISO — full reformulation, no source traces New files: - Migration 046: job tracking, chunk tracking, blocked sources tables - control_generator.py: 7-stage pipeline (scan→classify→structure/reform→harmonize→anchor→store→mark) - anchor_finder.py: RAG + DuckDuckGo open-source reference search - control_generator_routes.py: REST API (generate, review, stats, blocked-sources) - test_control_generator.py: license mapping, rule enforcement, anchor filtering tests Modified: - __init__.py: register control_generator_router - route.ts: proxy generator/review/stats endpoints - page.tsx: Generator modal, stats panel, state filter, review queue, license badges Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 09:03:37 +01:00
Benjamin Admin	c87f07c99a	feat: seed 10 canonical controls + CRUD endpoints + frontend editor ... - Migration 045: Seed 10 controls (AUTH, NET, SUP, LOG, WEB, DATA, CRYP, REL) with 39 open-source anchors into the database - Backend: POST/PUT/DELETE endpoints for canonical controls CRUD - Frontend proxy: PUT and DELETE methods added to canonical route - Frontend: Control Library with create/edit/delete UI, full form with open anchor management, scope, requirements, evidence, test procedures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 00:28:21 +01:00
Benjamin Admin	050f353192	feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls ... Eigenstaendig formulierte Security Controls mit unabhaengiger Taxonomie und Open-Source-Verankerung (OWASP, NIST, ENISA). Keine BSI-Nomenklatur. - Migration 044: 5 DB-Tabellen (frameworks, controls, sources, licenses, mappings) - 10 Seed Controls mit 39 Open-Source-Referenzen - License Gate: Quellen-Berechtigungspruefung (analysis/excerpt/embeddings/product) - Too-Close-Detektor: 5 Metriken (exact-phrase, token-overlap, ngram, embedding, LCS) - REST API: 8 Endpoints unter /v1/canonical/ - Go Loader mit Multi-Index (ID, domain, severity, framework) - Frontend: Control Library Browser + Provenance Wiki - CI/CD: validate-controls.py Job (schema, no-leak, open-anchors) - 67 Tests (8 Go + 59 Python), alle PASS - MkDocs Dokumentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 19:55:06 +01:00
Benjamin Admin	e3fb81fc0d	feat(vvt): Aufklappbare Abteilungskacheln mit Datenkategorien + Wiki-Infoboxen ... Step 2 im VVT-Generator: Ja/Nein-Buttons durch expandierbare Kacheln ersetzt. Pro Abteilung werden typische Datenkategorien als Checkboxen angezeigt (isTypical vorausgefuellt), Art. 9 Kategorien orange hervorgehoben mit DSGVO-Warnung. 7 neue Wiki-Artikel fuer Datenkategorien pro Geschaeftsbereich (HR, Finanzen, Vertrieb, Marketing, Support, IT, Produktion). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-10 13:11:00 +01:00
Benjamin Admin	9f41ed4f8e	fix: CREATE audit table IF NOT EXISTS before ALTER in migration 042 ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 23:54:20 +01:00
Benjamin Admin	e7fab73a3a	fix(company-profile): Projekt-aware Persistenz — Daten werden jetzt pro Projekt gespeichert ... Problem: Company Profile nutzte hartcodiertes tenant_id=default ohne project_id. Beim Wechsel zwischen Projekten wurden immer die gleichen (oder keine) Daten geladen. Aenderungen: - Migration 042: project_id Spalte + UNIQUE(tenant_id, project_id) Constraint, fehlende Spalten (offering_urls, Adressfelder) nachgetragen - Backend: Alle Queries nutzen WHERE tenant_id + project_id IS NOT DISTINCT FROM - Proxy: project_id Query-Parameter wird durchgereicht - Frontend: projectId aus SDK-Context, profileApiUrl() Helper fuer alle API-Aufrufe - "Weiter" speichert jetzt immer den Draft (war schon so, ging aber ins Leere) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 23:48:15 +01:00
Benjamin Admin	1c59996f32	feat(wiki): Enrich wiki with DACH court decisions and 18 new articles ... - Update all 10 existing articles with real source URLs (EuGH, BAG, DSK, BfDI) - Add 18 new articles covering: - EuGH C-184/20 (wide interpretation Art. 9) - EuGH C-667/21 (cumulative legal basis) - EuGH C-34/21 (§26 BDSG unconstitutional) - EuGH C-634/21 (SCHUFA scoring) - EuGH C-582/14 (IP addresses as personal data) - Biometric data, indirect Art. 9 data in daily practice - Retention periods overview - Video surveillance and GPS tracking at workplace - Communication data (email/chat, Fernmeldegeheimnis) - Financial data, PCI DSS, SEPA - Minors (Art. 8 DSGVO) - Austria DSG specifics, Switzerland revDSG - AI training data and GDPR/AI Act - "Forced" special categories - Add 3 new categories (EuGH-Leiturteile, Aufbewahrungsfristen, DACH-Besonderheiten) - Add code block rendering to markdown renderer - Add Clock, Globe, Gavel icons to icon map - Total: 11 categories, 28 articles, all with verified source URLs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 20:43:23 +01:00
Benjamin Admin	61064fdcba	fix: Cast empty ARRAY[] to text[] in wiki migration ... PostgreSQL requires explicit type cast for empty array literals. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 20:12:54 +01:00
Benjamin Admin	11d4c2fd36	feat: Add Compliance Wiki as internal admin knowledge base ... Migration 040 with wiki_categories + wiki_articles tables, 10 seed articles across 8 categories (DSGVO, Art. 9, AVV, HinSchG etc.). Read-only FastAPI API, Next.js proxy, and two-column frontend with full-text search. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 20:01:27 +01:00
Benjamin Admin	09cfb79840	feat: Projekt-Verwaltung verbessern — Archivieren, Loeschen, Wiederherstellen ... - Backend: Restore-Endpoint (POST /projects/{id}/restore) und Hard-Delete-Endpoint (DELETE /projects/{id}/permanent) hinzugefuegt - Frontend: Dreistufiger Dialog (Archivieren / Endgueltig loeschen mit Bestaetigungsdialog) statt einfachem Loeschen - Archivierte Projekte aufklappbar in der Projektliste mit Wiederherstellen-Button - CustomerTypeSelector entfernt (redundant seit Multi-Projekt) - Default tenantId von 'default' auf UUID geaendert (Backend-400-Fix) - SQL-Cast :state::jsonb durch CAST(:state AS jsonb) ersetzt (SQLAlchemy-Fix) - snake_case/camelCase-Mapping fuer Backend-Response (NaN-Datum-Fix) - projectInfo wird beim Laden vom Backend geholt (Header zeigt Projektname) - API-Client erzeugt sich on-demand (Race-Condition-Fix fuer Projektliste) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 17:48:02 +01:00
Benjamin Admin	d787e58341	fix(migration): handle missing sdk_states table in migration 039 ... The sdk_states table may not exist yet if no state has been saved via the frontend. Wrap sdk_states alterations in a conditional DO block. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 15:06:06 +01:00
Benjamin Admin	0affa4eb66	feat(sdk): Multi-Projekt-Architektur — mehrere Projekte pro Tenant ... Jeder Tenant kann jetzt mehrere Compliance-Projekte anlegen (z.B. verschiedene Produkte, Tochterunternehmen). CompanyProfile ist pro Projekt kopierbar und danach unabhaengig editierbar. Multi-Tab-Support via separater BroadcastChannel und localStorage Keys pro Projekt. - Migration 039: compliance_projects Tabelle, sdk_states.project_id - Backend: FastAPI CRUD-Routes fuer Projekte mit Tenant-Isolation - Frontend: ProjectSelector UI, SDKProvider mit projectId, URL ?project= - State API: UPSERT auf (tenant_id, project_id) mit Abwaertskompatibilitaet - Tests: pytest fuer Model-Validierung, Row-Konvertierung, Tenant-Isolation - Docs: MKDocs Seite, CLAUDE.md, Backend README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 14:53:50 +01:00
Benjamin Admin	53ff0722a4	fix(backend): SQLAlchemy text() fuer alle raw SQL + UI-Verbesserungen ... - CRITICAL: Alle db.execute() Aufrufe in company_profile_routes.py und generation_routes.py mit text() gewrapped (SQLAlchemy 2.x) - Geschaeftsmodell-Kacheln: Nur Kurztext, Beschreibung bei Klick - "Warum diese Fragen" in Hauptbereich unter Ueberschrift verschoben - Sidebar-Box entfernt fuer mehr Platz Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-08 22:53:29 +01:00
Benjamin Admin	2abf0b4cac	feat(sdk): Company Profile Wizard verbessert ... - B2B2C als Geschaeftsmodell hinzugefuegt - URL-Felder bei Offering-Auswahl (Website, Shop, App, SaaS) — optional - Schritt-spezifische Erklaerungen in "Warum diese Fragen?" - Firmenname ohne Rechtsform, Templates bauen automatisch zusammen - Gruendungsjahr springt auf 2000 statt 1800 - SDK-Abdeckung Panel und Profil-loeschen Button entfernt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-08 22:41:15 +01:00
Benjamin Admin	56758e8b55	fix(mock-data): Fake-Daten bei leerer DB entfernt — ISMS 0%, Dashboard keine simulierten Trends, Compliance-Hub keine Fallback-Zahlen ... - ISMS Overview: 14% → 0% bei leerer DB, "not_started" Status, alle Kapitel 0% - Dashboard: 12-Monate simulierte Trend-Historie entfernt - Compliance-Hub: Hardcoded Fallback-Statistiken (474/180/95/120/79/44/558/19) → 0 - SQLAlchemy Bug: `is not None` → `.isnot(None)` in SoA-Query - Hardcoded chapter_7/8_status="pass" → berechnet aus Findings Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 23:25:25 +01:00
Benjamin Admin	95fcba34cd	fix(quality): Ruff/CVE/TS-Fixes, 104 neue Tests, Complexity-Refactoring ... - Ruff: 144 auto-fixes (unused imports, == None → is None), F821/F811/F841 manuell - CVEs: python-multipart>=0.0.22, weasyprint>=68.0, pillow>=12.1.1, npm audit fix (0 vulns) - TS: 5 tote Drafting-Engine-Dateien entfernt, allowed-facts/sanitizer/StepHeader/context fixes - Tests: +104 (ISMS 58, Evidence 18, VVT 14, Generation 14) → 1449 passed - Refactoring: collect_ci_evidence (F→A), row_to_response (E→A), extract_requirements (E→A) - Dead Code: pca-platform, 7 Go-Handler, dsr_api.py, duplicate Schemas entfernt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 19:00:33 +01:00
Benjamin Admin	6509e64dd9	feat(sdk): API-Referenz Frontend + Backend-Konsolidierung (Shared Utilities, CRUD Factory) ... - API-Referenz Seite (/sdk/api-docs) mit ~690 Endpoints, Suche, Filter, Modul-Index - Shared db_utils.py (row_to_dict) + tenant_utils Integration in 6 Route-Dateien - CRUD Factory (crud_factory.py) fuer zukuenftige Module - Version-Route Auto-Registration in versioning_utils.py - 1338 Tests bestanden, -232 Zeilen Duplikat-Code Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 17:07:43 +01:00
Benjamin Admin	7ec6b9f6c0	fix(cleanup): ISMS Bugfix, 13 tote AI-Endpoints entfernt, Compliance-Hub Proxy fix ... - ISMS: markStepCompleted entfernt (existiert nicht in SDKContext, verursachte Application Error) - AI Routes: 13 ungenutzte Endpoints entfernt (ai_routes.py 1266→379 Zeilen, -887) - Schemas: 12 ungenutzte AI-Schema-Klassen entfernt (-108 Zeilen) - Compliance-Hub: 5 Fetch-URLs von /api/admin/... auf /api/sdk/v1/... umgestellt - Tests: 1361 passed, 0 Regressionen Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 15:13:19 +01:00
Benjamin Admin	1e84df9769	feat(sdk): Multi-Tenancy, Versionierung, Change-Requests, Dokumentengenerierung (Phase 1-6) ... 6-Phasen-Implementation fuer cloud-faehiges, mandantenfaehiges Compliance SDK: Phase 1: Multi-Tenancy Fix - Shared tenant_utils.py Dependency (UUID-Validierung, kein "default" mehr) - VVT tenant_id Column + tenant-scoped Queries - DSFA/Vendor DEFAULT_TENANT_ID von "default" auf UUID migriert - Migration 035 Phase 2: Stammdaten-Erweiterung - Company Profile um JSONB-Felder erweitert (processing_systems, ai_systems, technical_contacts) - Regulierungs-Flags (NIS2, AI Act, ISO 27001) - GET /template-context Endpoint - Migration 036 Phase 3: Dokument-Versionierung - 5 Versions-Tabellen (DSFA, VVT, TOM, Loeschfristen, Obligations) - Shared versioning_utils.py Helper - /{id}/versions Endpoints auf allen 5 Dokumenttypen - Migration 037 Phase 4: Change-Request System - Zentrale CR-Inbox mit CRUD + Accept/Reject/Edit Workflow - Regelbasierte CR-Engine (VVT DPIA → DSFA CR, Datenkategorien → Loeschfristen CR) - Audit-Trail - Migration 038 Phase 5: Dokumentengenerierung - 5 Template-Generatoren (DSFA, VVT, TOM, Loeschfristen, Obligations) - Preview + Apply Endpoints (erzeugt CRs, keine direkten Dokumente) Phase 6: Frontend-Integration - Change-Request Inbox Page mit Stats, Filtern, Modals - VersionHistory Timeline-Komponente - SDKSidebar CR-Badge (60s Polling) - Company Profile: 2 neue Wizard-Steps + "Dokumente generieren" CTA Docs: 5 neue MkDocs-Seiten, CLAUDE.md aktualisiert Tests: 97 neue Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 14:12:34 +01:00
Benjamin Admin	3467bce222	feat(obligations): Go PARTIAL DEPRECATED, Python x-user-id, UCCA Proxy Headers, 62 Tests ... - Go obligations_handlers.go: CRUD-Overlap als deprecated markiert, AI-Features (Assess/Gap/TOM/Export) bleiben aktiv - Python obligation_routes.py: x-user-id Header + Audit-Logging an 4 Write-Endpoints - 3 UCCA Proxy-Dateien: Default X-Tenant-ID + X-User-ID Headers - Tests von 39 auf 62 erweitert (+23 Route-Integration-Tests mit mock_db/TestClient) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 21:31:14 +01:00
Benjamin Admin	a5e4801b09	fix(escalations): Tenant/User-ID Defaults + Routing-Klarheit ... - escalations/route.ts: X-Tenant-Id + X-User-Id Default-Header ergaenzt, X-User-Id aus Request weitergeleitet - escalation_routes.py: DEFAULT_TENANT_ID Konstante (9282a473-...) statt 'default' - test_escalation_routes.py: vollstaendige Test-Suite ergaenzt (+337 Zeilen) - main.go + escalation_handlers.go: DEPRECATED-Kommentare — UCCA-Escalations bleiben fuer Assessment-Review, Haupt-Escalation-System ist Python-Backend Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 21:15:02 +01:00
Benjamin Admin	2dd86e97be	feat(incidents): Go Incidents nach Python migrieren, Proxy umleiten, 50 Tests ... - incident_routes.py: 15 Endpoints (CRUD, Risk Assessment, Art. 33/34 Notifications, Measures, Timeline, Close, Stats) - Neuer Endpoint PUT /{id}/status (nicht in Go vorhanden, Frontend braucht ihn) - Proxy von ai-compliance-sdk:8090 auf backend-compliance:8002 umgeleitet - Go incidents_handlers.go + main.go als DEPRECATED markiert - 50/50 Tests bestanden Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 20:50:00 +01:00
Benjamin Admin	8742cb7f5a	docs: Qdrant und MinIO/Object-Storage Referenzen aktualisieren ... - Qdrant: lokaler Container → qdrant-dev.breakpilot.ai (gehostet, API-Key) - MinIO: bp-core-minio → Hetzner Object Storage (nbg1.your-objectstorage.com) - CLAUDE.md, MkDocs, ARCHITECTURE.md, training.md, ci-cd-pipeline.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 20:18:29 +01:00
Benjamin Admin	6a940344c2	feat(dsfa): Go DSFA deprecated, URL-Fix, fehlende Endpoints + 145 Tests ... - Go: DEPRECATED-Kommentare an allen 6 DSFA-Handlern + Route-Block - api.ts: URL-Fix /dsgvo/dsfas → /dsfa (Detail-Seite war komplett kaputt) - Python: Section-Update, Workflow (submit/approve), Export (JSON+CSV), UCCA-Stubs - Tests: 145/145 bestanden (Schema + Route-Integration mit TestClient+SQLite) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 19:41:12 +01:00
Benjamin Admin	095eff26d9	feat(dsr): Go DSR deprecated, Python Export-Endpoint, Frontend an Backend-APIs anbinden ... - Go: DEPRECATED-Kommentare an allen DSR-Handlern und Routes - Python: GET /dsr/export?format=csv|json (Semikolon-CSV, 12 Spalten) - API-Client: 12 neue Funktionen (verify, assign, extend, complete, reject, communications, exception-checks, history) - Detail-Seite: Alle Actions verdrahtet (keine Coming-soon-Alerts mehr), Communications + Art.17(3)-Checks + Audit-Log live - Haupt-Seite: CSV-Export-Button im Header - Tests: 54/54 bestanden (4 neue Export-Tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 18:21:43 +01:00
Benjamin Admin	3593a4ff78	feat(tom): TOM-Backend in Python erstellen, Frontend von In-Memory auf DB migrieren ... - Migration 034: compliance_tom_state + compliance_tom_measures Tabellen - Python Routes: State CRUD, Measures CRUD, Bulk-Upsert, Stats, CSV/JSON-Export - Frontend-Proxy: In-Memory Storage durch Proxy zu backend-compliance ersetzt - Go TOM-Handler als DEPRECATED markiert (Source of Truth ist jetzt Python) - 44 Tests (alle bestanden) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 17:35:44 +01:00
Benjamin Admin	4cbfea5c1d	feat(vvt): Go-Features nach Python portieren (Source of Truth) ... Review-Daten (last_reviewed_at, next_review_at), created_by, DSFA-Link, CSV-Export mit Semikolon-Trennung, overdue_review_count in Stats. Go-VVT-Handler als DEPRECATED markiert. 32 Tests bestanden. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 17:14:38 +01:00
Benjamin Admin	adc95267bd	chore: LLM qwen3:30b-a3b → qwen3.5:35b-a3b ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 07:31:55 +01:00
Benjamin Admin	529c37d91a	chore: diverse Bereinigungen und Fixes ... - admin-compliance: .dockerignore + Dockerfile bereinigt - dsfa-corpus/route.ts + legal-corpus/route.ts entfernt (obsolet) - webhooks/woodpecker/route.ts: minor fix - dsfa/[id]/page.tsx: Refactoring - service_modules.py + README.md: aktualisiert - Migration 028 → 032 umbenannt (legal_documents_extend) - docs: index.md + DEVELOPER.md aktualisiert Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 17:24:15 +01:00
Benjamin Admin	3ed8300daf	feat(extraction): POST /compliance/extract-requirements-from-rag ... Sucht alle RAG-Kollektionen nach Prüfaspekten und legt automatisch Anforderungen in der DB an. Kernfeatures: - Durchsucht alle 6 RAG-Kollektionen parallel (bp_compliance_ce, bp_compliance_recht, bp_compliance_gesetze, bp_compliance_datenschutz, bp_dsfa_corpus, bp_legal_templates) - Erkennt BSI Prüfaspekte (O.Purp_6) im Artikel-Feld und per Regex - Dedupliziert nach (regulation_code, article) — safe to call many times - Auto-erstellt Regulations-Stubs für unbekannte regulation_codes - dry_run=true zeigt was erstellt würde ohne DB-Schreibzugriff - Optionale Filter: collections, regulation_codes, search_queries - 18 Tests (alle bestanden) - Frontend: "Aus RAG extrahieren" Button auf /sdk/requirements Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 15:11:10 +01:00
Benjamin Admin	bd9796725a	feat(compliance-kern): Tests, MkDocs + RAG-Controls Button für Anforderungen/Controls/Nachweise/Risiken ... - 74 neue Tests (test_risk_routes, test_evidence_routes, test_requirement_routes, test_control_routes) Enum-Mocking (.value), ControlStatusEnum-Validierung, db.query() direkte Mocks - MkDocs: docs-src/services/sdk-modules/compliance-kern.md Endpunkt-Tabellen, Schema-Erklärungen, CI/CD-Beispiele, Risikomatrix - controls/page.tsx: "KI-Controls aus RAG vorschlagen" Button POST /api/sdk/v1/compliance/ai/suggest-controls, Suggestion-Panel, Requirement-ID-Eingabe + Dropdown, Konfidenz-Anzeige, Hinzufügen-Aktion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 13:43:02 +01:00
Benjamin Admin	ef17151a41	fix(import+screening): GET-Alias, DELETE-Endpoint, ehrlicher Scan-Status ... Import-Backend: - GET /v1/import (Root-Alias) → list_documents; behebt URL-Mismatch im Proxy - DELETE /v1/import/{document_id} → löscht Dokument + Gap-Analyse (mit Tenant-Isolierung) - 6 neue Tests (65 total, alle grün) Screening-Frontend: - Simulierten Fortschrittsbalken (Math.random) entfernt — war inhaltlich falsch - Ersetzt durch indeterminate Spinner + rotierende ehrliche Status-Texte (z.B. "OSV.dev Datenbank wird abgefragt...") im 2-Sek.-Takt - Kein scanProgress-State mehr benötigt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 12:07:01 +01:00
Benjamin Admin	3913931d5b	feat(freigabe): Import/Screening/Modules/RAG — API-Tests, Migration 031, Bug-Fix ... - import_routes: GET /gap-analysis/{document_id} implementiert - import_routes: Bug-Fix — gap_analysis_result vor try-Block initialisiert (verhindert UnboundLocalError bei DB-Fehler) - test_import_routes: 21 neue API-Endpoint-Tests (59 total, alle grün) - test_screening_routes: 18 neue API-Endpoint-Tests (74 total, alle grün) - 031_modules.sql: Migration für compliance_service_modules, compliance_module_regulations, compliance_module_risks - test_module_routes: 20 neue Tests für Module-Registry-Routen (alle grün) - freigabe-module.md: MkDocs-Seite für Import/Screening/Modules/RAG - mkdocs.yml: Nav-Eintrag "Freigabe-Module (Paket 2)" Gesamt: 146 neue Tests, alle bestanden Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 11:42:19 +01:00
Benjamin Admin	0503e72a80	fix(freigabe): Vorbereitung-Module release prep — Python 3.9 fix, Scope Engine tests, MkDocs ... - fix: company_profile_routes.py — dict|None → Optional[dict] for Python 3.9 compat (9/9 tests grün) - test: 40 Vitest-Tests für ComplianceScopeEngine (calculateScores, determineLevel, evaluateHardTriggers, evaluate integration, buildDocumentScope, evaluateRiskFlags) - docs: vorbereitung-module.md — Profil, Scope, UCCA vollständig dokumentiert - docs: mkdocs.yml — Nav-Eintrag "Vorbereitung-Module (Paket 1)" vor Analyse-Module Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 10:57:17 +01:00
Benjamin Admin	789c215e5e	feat: DSFA vollständiges DB-Schema + PDF-Ingest + Tests ... - Migration 030: alle fehlenden Spalten für compliance_dsfas (Sections 0-7) flat fields: processing_description, legal_basis, dpo_*, authority_*, ... JSONB arrays: risks, mitigations, wp248_criteria_met, ai_trigger_ids, ... JSONB objects: section_progress, threshold_analysis, review_schedule, metadata - dsfa_routes.py: DSFACreate/DSFAUpdate erweitert (60+ neue Optional-Felder) _dsfa_to_response: alle neuen Felder mit safe _get() Helper PUT-Handler: vollständige JSONB_FIELDS-Liste (22 Felder) - Tests: 101 (+49) Tests — TestAIUseCaseModules + TestDSFAFullSchema - ingest-dsfa-bundesland.sh: KNOWN_PDF_URLS (15 direkte URLs), download_pdfs() find_pdf_for_state() Helper, PDF-first mit Text-Fallback in ingest_all() Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 10:03:09 +01:00
Benjamin Admin	ff765b2d71	fix: Migration 028 robuster (section_progress UPDATE via DO-Block mit IF EXISTS) ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 09:32:31 +01:00
Benjamin Admin	308d559c85	feat: DSFA Section 8 KI-Anwendungsfälle + Bundesland RAG-Ingest ... - Migration 028: ai_use_case_modules JSONB + section_8_complete auf compliance_dsfas - Neues ai-use-case-types.ts: AIUseCaseModule Interface, 8 Typen, Art22Assessment, AI Act Risikoklassen, WP248-Kriterien, Privacy by Design, createEmptyModule() Helper - types.ts: Section 8 in DSFA_SECTIONS, ai_use_case_modules im DSFA Interface, section_8_complete in DSFASectionProgress - api.ts: addAIUseCaseModule, updateAIUseCaseModule, removeAIUseCaseModule - 5 neue UI-Komponenten: AIUseCaseTypeSelector, Art22AssessmentPanel, AIRiskCriteriaChecklist, AIUseCaseModuleEditor (7 Tabs), AIUseCaseSection - DSFASidebar: Section 8 Eintrag + calculateSectionProgress case 8 - ReviewScheduleSection: ai_use_case_module Trigger-Typ ergänzt - page.tsx: Section 8 Rendering + Weiter-Button auf activeSection < 8 + KI-Module Counter - scripts/ingest-dsfa-bundesland.sh: WP248 + alle 17 Behörden → bp_dsfa_corpus - Docs: dsfa.md Section 8 + RAG-Corpus, Developer Portal DSFA mit AI-Modul-Code-Beispielen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-05 09:20:27 +01:00